Security and Defense: Meet the ‘Cyber Defenders’

The ‘Post’ gets exclusive look at soldiers trained to prevent infiltrations of country’s most classified networks.

August 2013. IDF tanks and armored personnel carriers are taking up positions
throughout southern Lebanon following a series of Scud missile attacks on Tel
Aviv.

The forces are gearing up to conquer over 100 villages where
Military Intelligence says Hezbollah has deployed its guerrillas and rocket
launchers.

Days earlier, Israel Air Force F-16s and F-15s bombed hundreds
of targets throughout northern Lebanon, taking out the vast majority of
Hezbollah’s long-range missiles, supplied by Iran and Syria.

The infantry
and armored battalions had trained for this day for years. Commanders carefully
studied the failures of the Second Lebanon War in 2006 and stressed the need for
interoperability between the IDF’s various branches – air, sea and
land.

The years of training and the unprecedented investment in
technology were about to pay off with the largest joint air-naval-ground campaign
in Israeli history.

But then, something went wrong. Just as the chief of
staff was about to give the attack order, the screens in the tanks and the APCs
on which soldiers can see the positions of friendly and enemy forces flickered
for a second and went blank.

Attack helicopters hovering above to provide
air support suddenly lost communication with troops below, and back in the
underground command center in the Kirya in Tel Aviv, the chief of staff was
wiping the sweat from his brow as he looked at a row of screens suddenly
overtaken by gray and white static.

This scenario is Israel’s nightmare,
one that top IDF officers admit causes them to lose sleep at night.

In simple terms, it is the possibility that IDF networks will be hacked by someone
searching for information.

In more complicated terms, it could mean that
Israel’s enemies will not only infiltrate a network but will also try to shut it
down or take it over.

Can this happen? No one really knows. Do Israel’s
enemies have the capability to do this today? Also an unknown, but even if this
is not the case, they could one day, and the IDF needs to be ready.

“The
threat is growing,” a senior officer from the C4I (command, control,
communications, computers and intelligence) Directorate explained this
week.

“The more we, as a military, rely on communications and computer
networks, the more vulnerable we become.”

Understanding the magnitude of
this evolving threat, Chief of Staff Lt.-Gen. Benny Gantz ignored
government-sanctioned budget cuts earlier this year and approved a special
multi-year budget program aimed at bolstering Israel’s cyber capabilities –
offensive and defensive.

This week, The Jerusalem Post was provided an
exclusive look at one of the newest and most classified units in the IDF – the
Cyber Defense Division.

Established a year ago, the division made history
on Tuesday with the graduation of its first course of “Cyber Defenders,” the
term the army has given to this new, revolutionary military role.

The 30
soldiers who completed the 15-week course will be dispersed throughout the IDF’s
branches where they will prowl computer networks in an effort to prevent and
detect infiltrations.

“Our purpose is to create a capability for the IDF
to confront threats developing in the cyber world and to enable the IDF to
defend itself from disruptions to its operational procedures,” Col. D.,
commander of the Cyber Defense Division, said in a rare interview.

The
decision to establish the division was made in 2010 by Gantz, who then served as
deputy chief of staff under Lt.-Gen. Gabi Ashkenazi.

Ashkenazi had asked
Gantz to conduct a review of the IDF’s cyber capabilities and to consider how to
better organize them. One possibility was to follow the United States and NATO,
which had established dedicated cyber commands.

Ultimately, however, Gantz
and Ashkenazi decided to divide the responsibilities between the C4I Directorate
and Military Intelligence.

Military Intelligence Unit 8200, the
equivalent of the US National Security Agency and already responsible for signal
intelligence, eavesdropping on the enemy and code decryption, was entrusted with
offensive cyber capabilities. Defense was put in the hands of D. and his new
division in the C4I Directorate.

The branches work closely together and
rely heavily on each other’s input and experience.

The Cyber Defense
Division, for example, receives intelligence on enemy cyber capabilities from
Military Intelligence, and Unit 8200 looks to the C4I Directorate for technical
guidance.

The C4I Directorate also established a cyber war room in the
Kirya military headquarters where officers can keep an eye on the army’s various
networks. Currently, the directorate is developing a new command-and-control
system that will enable it to oversee all of the main networks at once without
needing to look at each one individually.

The importance of this unit for
the IDF was demonstrated in the decision to allow D. to recruit soldiers into
the Cyber Defenders course who have a high-enough profile to serve in combat
units.

Once accepted, the soldiers sign on for an additional year and a
half on top of their three years of compulsory service.

“The soldiers are
like hunters,” said Col. D. “They go on patrols and conduct surveillance just
like soldiers do in the air, on the ground and at sea, although with different
weapons.”

One of them, U., said that while he was interested in computers
in high school he never realized that his new job would be so important and
interesting.

Another soldier, S. – the only woman in the course – wanted
to serve in a combat unit but after she was offered the post decided to
accept.

“Without a strong defense, the offense will not be worth as
much,” she explained. “If you don’t protect your information your attempted
attack might not be successful.”

Israel’s expertise in cyber warfare
comes from defense industries that are built on graduates of some of the IDF’s
elite technological units as well as from IDF units where capabilities are
developed in-house.

Everyone agrees that cyber warfare is still in its
early stages but is quickly developing.

Stuxnet, the virus Israel was
reported by foreign sources to have used to attack Iran’s uranium enrichment
facility at Natanz, has been likened to a bomb, and reports of additional viruses
have surfaced.

One of the division’s greatest challenges, though, is in
trying to predict the future – what type of capabilities Israel’s enemies are
developing and how they will be used to attack IDF networks.

“The challenge is to accurately be able to tell what tomorrow will bring,”
D. explained. “We need to prepare for the next war, not the one that we
already fought.”

While the IDF refuses to comment on whether cyber
attacks have already occurred, there are believed to be attempts – some
sophisticated and some not – almost every day.

D. said he will not be
able to declare success until the real test takes place. The unit’s new
insignia, though, provides the answer as to how D. would like that test to end –
it shows a globe being struck by lightning. The lightning, however, fails to
penetrate and instead shatters into pieces.